ERROR: self signed certificate

Hi,

I have the following setup:

  1. server with Virtualmin which hosts PHP applications through the Apache web server
  2. n8n instance installed with npm
  3. virtual website which allows me to access n8n using subdomian
  4. SSL certificate provided by Virtualmin for the n8n subdomain

When I start n8n normally with “n8n start”, I can access n8n dashboard without any issues using my subdomain with HTTPS

https://n8n.domain

In this case, if I try to execute “IMAP Email” node, I get the following error

If I stop n8n and export NODE_TLS_REJECT_UNAUTHORIZED=0 variable with
export NODE_TLS_REJECT_UNAUTHORIZED=0

and then start n8n again, I can execute “IMAP Email” without any errors

Can you point me into the right direction here how to solve this without accepting self signed SSL certificates?

I even tried to add certificate (from the domain configuration) to n8n using the following variables
N8N_SSL_CERT
N8N_SSL_KEY

This doesn’t help

Thank you guys in advance!

Regards,
Igor

Am I really the only one to use n8n and apache as a proxy in the combination?

Sadly no experience with Virtualmin and Apache. Also not sure if that is the main problem here as it almost looks like something lower level in Node.js. But also not much experience there. For that reason can I sadly not be of much help here. Sorry!

Hi,

I think that you will have to tackle on this because it comes from n8n

node --trace-warnings /usr/bin/n8n
n8n ready on 0.0.0.0, port 5678
Version: 0.74.0

================================
Start Active Workflows:
================================
- Arburoža
ADD ID (active): 1
(node:12687) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
at getAllowUnauthorized (internal/options.js:21:13)
at Object.connect (_tls_wrap.js:1561:29)
at Connection.connect (/usr/lib/node_modules/n8n/node_modules/imap/lib/Connection.js:128:22)
at /usr/lib/node_modules/n8n/node_modules/imap-simple/lib/imapSimple.js:584:14
at new Promise (<anonymous>)
at Object.connect (/usr/lib/node_modules/n8n/node_modules/imap-simple/lib/imapSimple.js:532:12)
at Object.trigger (/usr/lib/node_modules/n8n/node_modules/n8n-nodes-base/dist/nodes/EmailReadImap.node.js:211:42)
at Workflow.runTrigger (/usr/lib/node_modules/n8n/node_modules/n8n-workflow/dist/src/Workflow.js:498:37)
at ActiveWorkflows.add (/usr/lib/node_modules/n8n/node_modules/n8n-core/dist/src/ActiveWorkflows.js:24:46)
at ActiveWorkflowRunner.add (/usr/lib/node_modules/n8n/dist/src/ActiveWorkflowRunner.js:240:44)
 => Started
- Slobodna djelatnost - uplate
ADD ID (active): 2
 => Started

Editor is now accessible via:
https://localhost:5678/

Press "o" to open in Browser.
(node:12687) UnhandledPromiseRejectionWarning: Error: Got 0 parts, should get 1
at /usr/lib/node_modules/n8n/node_modules/imap-simple/lib/imapSimple.js:206:28
at processTicksAndRejections (internal/process/task_queues.js:93:5)
at emitUnhandledRejectionWarning (internal/process/promises.js:168:15)
at processPromiseRejections (internal/process/promises.js:247:11)
at processTicksAndRejections (internal/process/task_queues.js:94:32)
(node:12687) Error: Got 0 parts, should get 1
at /usr/lib/node_modules/n8n/node_modules/imap-simple/lib/imapSimple.js:206:28
at processTicksAndRejections (internal/process/task_queues.js:93:5)
(node:12687) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
at emitDeprecationWarning (internal/process/promises.js:180:11)
at processPromiseRejections (internal/process/promises.js:249:13)
at processTicksAndRejections (internal/process/task_queues.js:94:32)

Regards,
Igor

Sorry, but I really do not like the sounds of that. I literally do not have to. n8n gets offered totally for free and all support we and I personally give is because we want to and we care about the community and our users very much. I also think we offer a very fast and good support. It is for example currently 9:10 p.m. Friday as I write this, I could also spend this time right now with my wife and children instead but instead, I am sitting here and answer your question. Anyway, us doing that is not because we HAVE TO it is because we WANT TO! We would only have to if we would get paid and there would be some kind of contract in place, which is not the case here.

Now why we can not look into your problem:
We can simply not invest hours in every edge case and support all possible combinations of operating systems, proxies, setups and whatever else. It is not like we have a team of 100 developers and support people sitting around. Our team is incredibly small. If we would do that, we would not get anything else done anymore. We have to prioritize and if I have to choose right now between investing 5h+ of developer time in debugging one edge case that literally one person has right now or add an integration to a service which many people are waiting for, it is honestly not a hard decision. We are a very small startup and we have to prioritize and say “no” a lot if we want to be sure to still be around tomorrow. I hope you understand that. We do not do that because we are lazy and we do not want to help, it is simply because we do not have the resources. Even if you look at the amount of issues we are not able to resolve (“will not fix” like this one) to the ones we do, and then compare that with some huge tech companies like Google, we are still doing pretty well.

And now to your problem:
Both of the error messages are thrown in a module n8n uses under the hood. The “imap-simple” and the “imap” one. We did not write any of those ourselves. We only use them in our code.

So there are multiple possibilities what the reason for that errors are:

  1. We use the modules wrong or messed something else up
  2. One of the modules has a bug
  3. The service you connect to does something strange
  4. Your setup is causing the problem
  5. ??? Probably even more things

I have no idea which one it is. In this case, it would sadly really be on you as part of the community and the person having that problem to:

  1. Fix it yourself
  2. Pay someone to fix it for you, if you can not do it yourself
  3. Use our server setup guide and see if it also happens there and then report back
  4. In the very worst case use another project which does not have that problem

I hope that all makes sense!

2 Likes

Hi,

I honestly don’t understand how did you understand my previous message as an attack on you or your team. I wasn’t’ disrespectful in any word I said.

Your reaction is truly completely unexpected, out of proportion and is something I would never do to someone that is trying to help me, no matter what kind of help that was.

I just provided a debug output which can or could provide some helpful information about the issue that I experience. I literally provided that because I like your product, understand that you are start-up and that you need help as much as you can get from the community. I don’t want to use other product because I like yours. Just because of that I wanted to help you.

My help is not much I guess but I would accept it if I would have this kind of start-up. Or at least would thank the person who gave me any additional information that could help me to resolve the problem.

I didn’t say that you will HAVE TO do this, just because I reported it. I merely suggested that it looks like something in the code is creating the issue. You can see from my other topics that I am not a developer, but I am trying to get to know your product.

Your could just say, that the issue is happening in other module, which you didn’t write and that would be the end of this case.

Anyway, I will report the problem to the developer of that 3rd party module so we will see what will he/they reply back

Regards,
Igor

I did not see your message as an attack at all. Sorry if my answer suggested otherwise. I only wanted to make clear that I do not like it if people suggest they are entitled to free support for a free product which seems to be more and more the case in open-source (and fair-code). Your words “you will have to” it sounded for me as one of those cases. If it was not meant that way, then I am really sorry but “you will have to” sounds simply incredibly demanding, not friendly, and simply like we “HAVE TO” as that were the exact words used.

Anyway, I am very glad to hear that you did not mean it like that at all!

I still suggest you to do as I suggested as “3”. To see if the same happens when setting up n8n according to our server setup guide. You can get a new Digital Ocean (or whatever) server, follow the steps, see if it works then, and then delete it again.
If it does work there then we know that your setup is the issue, if not, then we know that the problem is in the module or n8n.

It certainly didn’t mean to demand a support from you. I know that your application is open source and that you can’t provide free support to everyone asking for it

My words “you will have to” just implied that, if you plan to offer a hosting solution, which I believe you do plan, you will have a situation where you will provide service behind some kind of proxy. In that case, I am guessing you will encounter this problem. That is why I wrote that “you will have to”

Anyway, I have asked guys who wrote “imap-simple” module to see if they will have some ideas how to solve this

Regards,
Igor

Thanks a lot for explaining! Then sorry, understood you then totally wrong!

Btw. we are not “OSI approved open-source”:
https://docs.n8n.io/reference/faq.html#license

1 Like

Hi,

I am happy that we have come to the same path and that we are friends again :wink:

Working as a part time freelance support person for various companies during the years thought me a valuable lesson. In case you see someone is “demanding something” or at least it sounds like he does, try to find and learn all the facts first before jumping to conclusions too soon.

I am very well aware that working in a start-up can be very demanding and frustrating, with lots of decisions that you need to make, lots of prioritization, and putting away things that sounds good for a product that already have some stability but would mean a lot of effort in the beginning. Please try to keep calm and don’t burn-out on things like this :blush:

You have a good product with nice future if I can judge from what I saw so far

I am really trying to understand it in deep. This forced me to look around for JS tutorials which would help me to use it in a better way. In my very limited knowledge of JS, I managed to produce something like this

That workflow is just a tip of an iceberg of the flow which I plan to create in the end. Just waiting for a better GMail node :wink: Current “EmailReadImap” is limited and you can’t do things specific to GMail (labels, moving of emails etc). I know that new GMail node is WIP and I am waiting patiently

I know that you are not “OSI approved open-source”. I saw your licence explanation

Regards,
Igor

1 Like

Hi @mihha!

When you have time, could you could direct message me the additional functionality you’d want in a Gmail node? I work on product design for n8n, so such a list would be very helpful.

I can’t guarantee that we’ll add this functionality of course, but there is a good chance we’d want to add things like ability to categorize emails in future (current V1 is being tested at the moment, from a quick check it does look like it has support to add labels).

@maxT

Direct message sent. If you want, we can discuss this further

Regards,
Igor

BTW, @jan, I was able to work this out

Now, I have the following setup which is working correctly with signed certificate from LetsEncrypt

  1. subdomain and website created using Virtualmin
  2. subdomain is using HTTPS
  3. n8n instance installed with npm
  4. SSL certificate provided by Virtualmin (from LetsEncrypt) which is working on the subdomain

I had to create the following combination of environment variables

export N8N_PROTOCOL=https
export VUE_APP_URL_BASE_API=“https://n8n.domain/
export N8N_BASIC_AUTH_ACTIVE=true
export N8N_BASIC_AUTH_USER=myhiddenuser
export N8N_BASIC_AUTH_PASSWORD=myhiddenpassword
export WEBHOOK_TUNNEL_URL=“https://n8n.domain/

My error in initial attempt was a combination of two things:

  1. using variable N8N_HOST=n8n.domain. Since the host is actually localhost in this case and Apache is serving a content from localhost when you access this subdomain from the internet, N8N_HOST variable shouldn’t be set

  2. I am using pm2 process manager for node. I wasn’t aware that when you create a process using that manager, stop the process, change some variables and then start the process again, pm2 actually saves the variables, instead of using new values. You have to delete a process and then create it with new variables active in order to change them for the process

Anyway, I have a fully working n8n application, which is using LetsEncrypt certificate, is accessible from the internet without a tunnel and is sitting behind a proxy

Regards,
Igor

1 Like

That is great to hear @mihha that it works now!

Also thanks a lot for the write up! I am sure it will be very helpful for other people in the future which face the same or similar problem. Esp. interesting to hear how pm2 handles processes. Has a lot of potential to waist hours of debugging something.